Conference papers

Stealthier Inter-packet Timing Covert Channels

Abstract: Covert channels aim to hide the existence of communication. Recently proposed packet-timing channels encode covert data in inter-packet times, based on models of inter-packet times of normal traffic. These channels are detectable if normal inter-packet times are not independent and identically distributed, which we demonstrate is the case for several network applications. We show that ~80% of channels are detected with a false positive rate of 0.5%. We then propose an improved channel that is much harder to detect. Only ~9% of our new channels are detected at a false positive rate of 0.5%. Our new channel uses packet content for synchronisation and works with UDP and TCP traffic. The channel capacity reaches over a hundred bits per second depending on overt traffic and network jitter.

Cited literature [19 references]

https://hal.inria.fr/hal-01583422
Contributor : Hal Ifip
Submitted on : Thursday, September 7, 2017 - 11:58:07 AM
Last modification on : Thursday, September 7, 2017 - 3:24:22 PM

File

978-3-642-20757-0_36_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Sebastian Zander, Grenville Armitage, Philip Branch. Stealthier Inter-packet Timing Covert Channels. 10th IFIP Networking Conference (NETWORKING), May 2011, Valencia, Spain. pp.458-470, ⟨10.1007/978-3-642-20757-0_36⟩. ⟨hal-01583422⟩
